If you are reading this post, it means you were not given the Mufasa treatment while trying to take home that 65" LED flat-screen earlier this morning. Yes, leaving in its wake ransacked shelves and obstacle courses of discarded items, Black Friday is officially here, marking the beginning of the holiday shopping insanity.
This time of year is a feeding frenzy for hackers and cybercriminals hungry to exploit the large volume of E-commerce purchases. With Cyber Monday right around the corner, have you trained your end users to practice safe online habits? A new infographic by ZeroFOX depicts that 64% of organizations report an increase in cybercrime on Cyber Monday, and phishing links go up as much as 336% around Thanksgiving.
What scams should your clients be on the lookout for over the next month?
First, let's look at the tactics successful cybercriminals employ when casting their reels...
What are Different Phishing Techniques Used by Attackers?
The scope of phishing attacks is constantly expanding, but frequent offenders tend to:
- Embed a link in an email that redirects the user to an unsecured website that requests sensitive information
- Install a Trojan via a malicious email attachment or ad which will allow the intruder to exploit loopholes and obtain sensitive information
- Spoof the sender address in an email to appear as a reputable source and request sensitive information
- Attempt to obtain company information over the phone by impersonating a known company vendor or IT department
How Can I Help My Clients Avoid Phishing Attacks?
Offering proactive end user education is critical to protecting client data. You can't assume every employee at the companies you serve understands cybersecurity best practices. With threats becoming increasingly sophisticated, you want to highlight these five preventative behaviors and stress that staff adheres to them:
1. Don't reveal personal or financial information in an email.
Furthermore, make sure they know not to respond to email solicitations for this information. This includes clicking on links sent in these emails.
2. Before sending sensitive information over the Internet, check the security of the website.
Are they practicing safe browsing habits?
3. Pay attention to the website's URL.
Not all emails or email links seem phishy, and your clients may be lured into a false sense of security. Teach them that many malicious websites fool end users by mimicking legitimate websites. One way to sniff this out is to look at the URL (if it's not hidden behind non-descript text). They may be able to detect and evade the scheme by finding variation in spellings or a different domain (e.g., .com versus .net).
4. Verify suspicious email requests by contacting the company they're believed to be from directly.
If say your clients receive an email from Bank of America that seems to be off, instruct them to reach out to the bank with their inquiry. Specify that they'll want to contact the company using information provided on an account statement, NOT information provided in the email.
5. Keep a clean machine.
Having the latest operating system, software, web browsers, antivirus protection and apps are the best defenses against viruses, malware, and other online threats. Clients can ensure this is seen to by investing in the right managed IT services provider, one who'll be a trusted advisor for all of their IT needs. Are you that provider?
Email phishing is a 24x7x365 security concern your end users must be knowledgeable of, but with today kicking off the holiday shopping season, be prepared for an influx of malicious activity. Cyber Monday is right around the corner and with it, comes a whole new host of data security risks and attack vectors.
How Can My Clients Stay Safe this Cyber Monday?
Scammers can be lurking with bogus websites and fake emails to steal victims' money and identities. As such, advise your clients to:
1. Be wary of emails with enticing sales.
As we covered above, following links from phony e-mail is one of the oldest methods for perpetrating any online scam. This holiday season, attackers will attempt to fool clients with messages teasing unbeatable sales at known sites, like Best Buy and Amazon. Make sure your end users don't click these links. Instead, have them open their Web browser, enter the URL to the site offering these discounts and search for these "steals of a deal" manually. If they can't find the amazing offer, it's likely a scam.
2. Shop only on websites they know and trust.
With many retailers offering deep discounts, sometimes as much as 50 percent, it may be tough to figure out which deals are too good to be true.
3. Secure their purchases.
Your clients should only enter credit card details on web pages that use SSL (secure sockets layer) security. To determine this, they should check to see that the URL for the page begins with "https://" and not "http://." That "s" lets you know the site is secure. Most browsers will also show a lock icon in the lower right corner of the browser window to let you know you're on a secure site.
4. Pay with credit cards only.
Encourage your end users to pay for online purchases with a credit card as opposed to a wire transfer or other non-plastic payment method. Federal laws let you dispute an item on your credit card bill if you don't receive your purchase, and many credit card providers also have "zero liability" policies meaning you're off the hook if a bad guy gets your credit card and starts using it.
5. Use different passwords across multiple sites.
Attackers will use the same user name/email and password combinations harvested in an attack across multiple sites. These cybercriminals freely trade this information and have the time and resources to try the combinations against multiple sites. Share these tips to help improve password security!
6. Create a "throw away email account."
All of the major email services like Gmail and Yahoo allow you to create free email accounts. Consider suggesting that end users create an email account just for this year's shopping and stop using it after the holidays. Furthermore, have them use this email address as their user name for all online transactions that require one. This will reduce SPAM in their primary email accounts, and help keep attackers from gaining access and obtaining sensitive data shared there.
Need help explaining the state of cybercrime and its impact to your clients? Check out our cybersecurity overview MSPedia article, and share these quick tips!
By Lily Teplow
By Brian Downey
By Dave LeClair